Hacked: The Rising Threat of Intellectual Property Theft and What You Can Do About It

The same information systems that allow for information-sharing by distributed business teams also leave organizations open to the threat of intellectual property theft. Here's an explanation of the threat and how you can combat it.

The call to Bob Bailey, an IT executive with a major
government contractor, came on an otherwise ordinary day in
October 2003. “Why are you attacking us?” demanded
the caller, an IT leader with a Silicon Valley manufacturer. He
wanted to know why Bailey’s company had launched a
denial-of-service attack against his network.

Bailey (not his real name), deputy CIO in charge of IT
operations, was thrown. He spent the next several hours
reviewing logs and profiling systems. He discovered that
someone had taken over one of the company’s servers and
was using it to launch attacks against other companies in the
valley.

After conducting a forensic review of the drives, Bailey
learned that intruders had been lurking on two of his
company’s servers for almost a year. These hackers, who
were traced to a university in Beijing, had entered the
company’s extranet through an unpatched vulnerability in
the Solaris operating system. As far as Bailey could tell, they
hadn’t accessed any classified information. But they were
able to view mountains of intellectual property, including
design information and product specifications related to
transportation and communications systems, along with
information belonging to the company’s customers and
partners.

“It was such a sobering experience,” Bailey
says, not least because three years earlier he had conducted a
network security audit and patched every hole. But he
hadn’t done the same with the extranet.

Bailey will never know who hacked his servers. China’s
poorly defended servers are often used to launch attacks. He
likes to believe that the culprits were a couple of students
who launched the DoS attacks out of boredom, grew bored with
that and went on their ways. But he knows that comforting
scenario may be wrong. It’s just as possible that the
intruders were after his company’s IP. And they easily
may have gotten it.

(CIO agreed to Bailey’s request for anonymity
in order to protect the identities of his company’s
business partners.)

Exposed

According to cybercrime experts, digital IP theft is a growing
threat. Although precise numbers are hard to come by, the U.S.
Department of Commerce estimates stolen IP costs companies a
collective $250 billion each year. And that number does not
include hacked or hijacked information that goes unnoticed or
unreported. The economic costs on a nationwide scale are
impossible to quantify just yet.

Suspected state-sponsored espionage against the U.S.
government has received the most publicity, thanks to the
investigation of a series of coordinated attacks on federal
computers dubbed “Titan Rain.” The 2003 attacks may
have been the work of a China-based cyberespionage ring that
was trying to steal government information, according to
articles published in The Washington Post and
Time magazine in 2005. But companies in any industry
may be vulnerable. As businesses increasingly collaborate with
external partners and expand globally, they’re also
increasing their exposure to criminals—and possibly
foreign governments—who may have more on their minds than
scoring some Social Security numbers.

How Vulnerable Are You to IP Theft?

If your intellectual property is digital,
you’re at risk for online IP theft. But there are
varying degrees of exposure. “It has to do with
how valuable a target you present and how well-defended
you are,” explains O. Sami Saydjari, president of
security consultancy Cyber Defense Agency.

The types of organizations that currently face the
highest risk include:

Large, globally distributed organizations

Small to midsize businesses in niche
markets

Companies with foreign partners or that sell
directly in foreign markets

Organizations with decentralized IT

Military or government organizations that rely
heavily on contractors and suppliers

Industries like telecommunications that supply
critical national infrastructure

External partners, locally and globally, are a
major source of risk. “You can spend millions on
your own defenses,” says John Bumgarner, research
director for security technology at the U.S. Cyber
Consequences Unit. But attackers may find a way in
through weak spots in the systems of customers or
suppliers. As intruders’ sophistication
increases, however, all organizations may face similar
vulnerabilities. “With new hacking methods, if
the information is not encrypted and it is very
valuable, it’s at high risk,” says Alan
Paller, research director for the SANS Institute.